Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DLNA across two interfaces / subnets

    Scheduled Pinned Locked Moved General pfSense Questions
    13 Posts 3 Posters 23.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fraglord
      last edited by

      I have set up pfSense with two NIC's as router for my home. On the LAN side is a DLNA Server (Twonky) and some DLNA clients / media renderer. On the WAN side is also one device that need to access the DLNA server. Searching here in the forum revealed that with IGMP proxy I can accomplish this task. Unfortunately there is not much info on how to set it up correctly. It should not matter which interface is set up as upstream or downstream interface. But by simply configuring a downstream and upstream interface not make the DLAN server visible to the client. What else need to be configured? Maybe some firewall rules?  :-\

      pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

      1 Reply Last reply Reply Quote 0
      • F
        firewalluser
        last edited by

        Might be useful http://www.which.co.uk/reviews/televisions/article/advice/what-is-dlna
        and assuming you dont have compatibility issues like this bit mentioned in the link
        "First of all, file formats can be a bit of an issue. Some DLNA devices might play MP4 video files, but the device the MP4 is being sent to may be unable to recognise this particular file type. The same goes for the popular DivX video file type that many LG TVs support."

        then, yes it looks like you just need to create some rules so your wan device(s) can get through to your lan side server(s), but this is where it can get tricky, becuase you might not want to rely on the security of your dlna server to keep others out if you were to just create a Port Forward rule which will let anyone in from the wan to your DLNA/Mail/Web server(s).

        https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F
        https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

        Whats the device that is wan side?
        If its something like a phone, perhaps you can add say Openvpn to the phone which will get you behind the wan on its own network interface/ip range and then add another rule which takes you from the vpn network range to the lan network.

        I say OpenVPN as this uses UDP which is a packet of data that sends no packets back and is able to work when other restrictions might exist, unlike tcp packets which sends a receipt packet back and thus is less efficient at shifting data across networks. You'll find most streaming services use UDP instead of TCP as UDP is quickest.

        So quick answer is do a Port Forward ie create a NAT rule which will also add a fw rule for you automatically, but if you dont want to rely on your DLNA servers security abilitys, consider using something like OpenVPN on your wan device to get your securely behind the wan interface onto pfsense and then add a fw rule to go from your openvpn network range to your dlna server on your lan.

        hth.

        Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

        Asch Conformity, mainly the blind leading the blind.

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Basically DLNA is not intended to be used across subnets. As a way of allowing devices/clients to discover servers it functions well enough but many manufacturers have come to depend on it entirely rendering their otherwise functional products completely non-functional.  >:( Any media playback client would have no problems at all accessing a server in another subnet if only there was a box in which to enter the servers IP address but manufacturers think that's too hard for consumers so it's DLNA or nothing!

          People have made it work with IGMP proxy but many have also failed. What devices are you connecting to the server?

          Steve

          1 Reply Last reply Reply Quote 0
          • F
            fraglord
            last edited by

            Let me provide some background info. For past years I have been using this router from my provider. It was doing NAT, WiFi, phone system etc. And using the cordless phones from same manufacturer allowed me to listen to DLNA sources in the LAN on the phone or send the stream to other media renderer in the network. Recently I changed my tariff plan to obtain a static IP and allow me to install my own router. The "old" router now has been degraded by the provider to a cable modem with a public IP (bridging to one LAN port) and telephone system. Other functionalities are gone. And since the "old" router / "new" cable modem now has only a public IP it won't see my local DLNA server.
            Using a VPN to achieve my goal is therefore not possible.
            So I would start to set up IGMP proxy with the upstream interface being my LAN 192.168.0.0/24 and downstream interface is the IP of my old router aka cablemodem?!
            For firewall config I came across this guide, see section "Swisscom TV"
            Do you think it is applicable (with some tweaking) to my scenario?

            pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Hmm, I'm still not clear.  :-
              You are trying to setup an IGMP proxy between LAN and WAN. What device is on the WAN side that need access to DLNA resources in the LAN?

              Steve

              1 Reply Last reply Reply Quote 0
              • F
                fraglord
                last edited by

                The cablemodem which is able to act as a DLNA client (in combination with some phones that support this).

                pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Ah, OK. So your new cable modem is not just a modem then. Does it have a web interface? What IP is that accessed on? Does your pfSense box get a public IP on its WAN interface? (PPPoE, DHCP?)
                  If it really does have only a public IP then you would be opening up your firewall to multicast traffic from the internet in general which seems like a very bad idea!

                  Steve

                  1 Reply Last reply Reply Quote 0
                  • F
                    fraglord
                    last edited by

                    Actuall it is still the same router as I used for whole this time (see link above) and my provider re-configured it to act as cable modem and telephone system.
                    For sure it has a webinterface and a public IP (..*.109). The WAN interface on pfsense is configured as .110 with .109 as gateway. So I guess I can bury the idea to get it working for the sake of security  :-\

                    pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      If it has a fixed IP then you can just limit your firewall rules to only allow that traffic.
                      It seem odd to me that a phone system would have DLNA playback capability. I guess why not.  ;)

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • F
                        fraglord
                        last edited by

                        Haha, be sure it does. You can either play from USB storage attached to the box or any DLNA source. While it was still configured as router it worked pretty well. You can browse the media library on your phone and forward it to any media renderer in the network. So the phone acts like a remote control - pretty neat feature.
                        So I gave it a try and set up IGMP proxy as above. I enabled the option that allows packets with IP options to pass in my allow-all-outbound rule (LAN). Both rules (IGMP and UDP) for WAN have been configured like in that swisscom tutorial with source IP set to .109
                        But guess what? not working :(

                        pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          Well DLNA is not IPTV so it's not directly transferable. Your server is on the inside playing streams to the outside so it's working the opposite way around to the IPTV example.
                          There are a few threads here I contributed to about getting DLNA working across two interfaces/subnets. At least one of them was successful.  ;)
                          Let me see if I can find it….Hmm can't find it. Thus might be useful though:
                          https://forum.pfsense.org/index.php?topic=73171.0
                          You'll need to know what ports your DLNA server is using for actually streaming the data.

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • F
                            fraglord
                            last edited by

                            Still trying to figure out the ports of Twonky. Unfortunately the config files are not accessible as it is built into my NAS.
                            But with the IGMP proxy set up and the IGMP rule on the WAN interface at least the media server should show up. IGMP is used for discovery of devices ahile later on the actual streaming is done via UDP?!

                            pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              You also need a rule on wan to allow udp port 1900 (also with IP options?) for the ssdp part of the discovery.
                              I'm not totally sure on this but I beleive it should go something like this:
                              Client sends out a multicast igmp packet, 'who is out there?'.
                              Server responds.
                              Client then talks SSDP to find out the name of the server and what services it offers.
                              Client then talks to the media server to request files/streams on the appropriate port.

                              Steve

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.